package com.czkt.springboot_mybatis_test.config;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Bean
    public MyShiroRealm myShiroRealm(){//自定义Realm
        return new MyShiroRealm();
    }

    @Bean
    public SecurityManager securityManager(){//安全管理器SecurityManager
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //注入Realm
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){//Shiro过滤器：权限验证
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //注入SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //权限验证：使用Filter控制资源(URL)的访问
        return shiroFilterFactoryBean;
    }
}
